CCM

CCM (aka Counter with CBC-MAC or Counter with Cipher Block Chaining-Message Authentication Code) can provide assurance of the confidentiality and authenticity of data. CCM is based on an approved symmetric key block cipher algorithm whose block size is 128 bits, such as the Advanced Encryption Standard (AES) algorithm. CCM cannot be used with the Triple Data Encryption Algorithm, whose block size is 64 bits.

VOCAL’s CCM implementation is available as a standalone algorithm as well as a CCM IP Core in FPGA, PLD, or ASIC form factors.

CCM can be considered a mode of operation of the block cipher algorithm. As with other modes of operation, a single key to the block cipher must be established beforehand among the parties to the data. Therefore, CCM should be implemented within a well-designed key management structure. The security properties of CCM depend, at a minimum, on the secrecy of the key. CCM is intended for use in a packet environment when all of the data is available in storage before CCM is applied. CCM is not designed to support partial processing or stream processing.

The input to CCM includes three elements:

Data that will be both authenticated and encrypted, called the payload

Associated data that will be authenticated but not encrypted (e.g. a header)

A unique value, called a nonce, that is assigned to the payload and the associated data

CCM consists of two related processes: generation-encryption and decryption-verification. These processes combine two cryptographic primitives: counter mode encryption and cipher block chaining-based authentication. Only the forward cipher function of the block cipher algorithm is used within these primitives.

In generation-encryption, cipher block chaining is applied to the payload, the associated data, and the nonce to generate a message authentication code (MAC); then, counter mode encryption is applied to the MAC and the payload to transform them into an unreadable form, called the ciphertext. Thus, CCM generation-encryption expands the size of the payload by the size of the MAC.

In decryption-verification, counter mode decryption is applied to the purported ciphertext to recover the MAC and the corresponding payload. Then cipher block chaining is applied to the payload, the received associated data, and the received nonce to verify the correctness of the MAC. Successful verification provides assurance that the payload and the associated data originated from a source with access to the key.

A MAC provides stronger assurance of authenticity than a checksum or an error detecting code. The verification of a (non-cryptographic) checksum or an error detecting code is designed to detect only accidental modifications of the data, while the verification of a MAC, as occurs in CCM, is designed to detect intentional, unauthorized modifications of the data, as well as accidental modifications.